Apple continues to tell support reps: do not help with Mac malware

Summary:Apple continues to maintain a public silence on the current outbreak of Mac malware, which may have affected more than 60,000 Mac owners. Meanwhile, a leaked document from an Apple call center confirms that the company continues to refuse any help to affected customers.

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

How is Apple responding to the flood of customer calls about installations of the Mac Defender malware?

According to multiple tech support insiders, the company has doubled down on its policy of denying any help to affected customers. Meanwhile, despite evidence that a large number of customers have been affected by this issue, Apple has made no public statement and did not respond to two requests for comment.

My sources tell me call volume for Mac Defender-related issues continues to be high. One AppleCare support agent told me last week that 50% of calls in the previous week were related to this issue. A rep in a different location confirmed that number but said volume had dropped this week:

In the first days after Intego identified the issue I would say 50-60% of calls were driven by Mac Defender.

Now still within the 20-25% range....I think Google may be getting a handle on the gamed SEO placements and poisoned links that started the whole fiasco.

So how big is the problem? Apple's silence makes it impossible to know for sure. However, I'm told that the division that handles Mac support calls receives between 10,000 and 20,000 calls a day. If 25% of those calls are related to this issue, which has been going on for 25 days, the total number of customers affected could be between 60,000 and 125,000, and growing.

One contractor who works for a third party that handles support calls for Apple in North America sent me a confidential document that had been distributed to all personnel at his location. The document contains detailed instructions from "the client" (Apple) that the firm's employees must follow when dealing with calls from customers asking for help with Mac Defender issues. (I've posted a copy of the document at the end of this post.)

The document, which is labeled "Valid as of May 20th 2011 subject to further revisions," instructs support reps to "Start with an upbeat tone and stay positive." That's followed by two blocks that outline the script the agents are expected to follow:

"I am glad that you decided to call in about this issue today. Based on the symptoms you describe it sounds like you may have malware on your computer. I would be more than happy to send you an article about what malware is and is not. Lets [sic] make sure you have all your software up to date."

"Apple's [sic] doesn't recommend or guarantee any specific third part [sic] anti-virus protection over another. However I can suggest several third party virus protection programs that you may want to consider researching to find the best one for your needs."

At that point the rep is ordered to suggest "at least three or four different programs from anywhere" and direct the customer to the App Store or the Apple Online Store.

In a particularly Orwellian turn of phrase, the anonymous author of the document then notes dryly, "According to the client the point of this is to empower the customers to become more internet and security savvy."

The end of the document includes a list of "Things you must never do according to the client." The list of prohibited actions includes all of the steps required to clean a Mac Defender infection:

- You cannot show the customer how to force quit Safari on a Mac Defender call

- You cannot show the customer how to remove from the Login items.

- You cannot show the customer how to stop the process of Mac Defender in their Activity Monitor.

- You cannot refer the customer to ANY forums or discussions [sic] boards for resolution (this includes the Apple.com forums)

The final item on the list contains instructions that prevent support personnel from indirectly helping clients:

- Once you know that the call is about Mac Defender, and then the customer decides to try and ask you general questions to find a loophole (IE: "OK, then how would you uninstall a third party program in general" or "How do I stop programs from starting upon launch") The point of this is, things that would be considered "general product usage" questions are not allowed to be answered if the customer has already informed you that he potentially has MacDefender and is now asking obvious questions to skirt our policy.

The upshot of this policy is to explicitly prohibit any action that could help customers. For tech support personnel, that's a bitter pill to swallow.

One rep who contacted me via e-mail describes the current mood among fellow support reps as "horrid," adding, "We are now under strict orders, of course without distinctly saying it, to help NO ONE with Mac Defender under threat of our jobs ... All I heard all day today from other advisors was how Apple doesn't want to take care of its customers and how this new policy constrained our ability to do our job and directly affects our pay."

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He has served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the a...
Full Bio

Disclosure

Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis.Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books have been distributed under several imprints: Que Publishing (a division of Pearson Education); Microsoft Press (with production and distribution by O'Reilly), and Fair Trade Digital Exchange, where he was briefly a partner. On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate. Ed sometimes receive fees and/or travel expenses for live speeches and webinars from companies and organizations. Acceptance of these fees does not constitute an endorsement of the company's products. Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMware. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than seven years ago. All stocks are held in retirement accounts for long-term growth. Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.